Last Updated: April 18th, 2019
At MetaOptima, your privacy is very important to us.
We are required by the Privacy Act 1988 (Cth) (Privacy Act) to comply with the APPs (The Privacy Principles). The Privacy Principles regulate the manner in which personal information is handled throughout its life cycle, from collection to handling and use and disclosure, storage, accessibility and disposal.
This Privacy Statement outlines the information collection and handling policies of MetaOptima, and describes the processes we implement in order to comply with the Privacy Principles. By providing us with your personal information, you agree to be bound by the terms of this policy.
According to the Privacy Act, personal information is information or an opinion, in any form and whether true or not, about an identified (or reasonably identifiable) individual.
The Privacy Act provides extra protections around the handling of sensitive information. Health information is regarded as one of the most sensitive types of personal information. Health information includes information or an opinion about the health or disability of an individual, an individual’s wishes about the future provision of health services to him or her and the health services provided to an individual.
What personal information we collect
Categories of personal information that we may collect from you include (but are not limited to): name, billing and delivery address, email address, contact telephone and fax numbers, date of birth, and your elected username and password.
We may collect the following categories of personal information in the form of Patient Data including: name, address, health id number, email, ethnic origin, skin colour, skin condition, body image, skin images, diagnosis, medical notes and other related health information.
How we collect personal information
The circumstances in which we may collect personal information from you include when you:
- register on our online platform dermengine.com;
- are invited by a colleague to join our online platform;
- are one of the users invited to join a group account created by the company/hospital/clinic you work for;
- fill out a request for information form on our website;
- request to be contacted by us for further information about our services and products;
- complete a feedback form or product enquiry;
- request support of or assistance with using our products;
- participate in a promotional offer or competition; and/or
- subscribe to our newsletter or mailing list.
We may collect this information either online, directly on our platform, or in person. You may be anonymous or use a pseudonym when dealing with us, unless the use of your personal information is a legal requirement or it is impracticable for us to deal with you anonymously or under a pseudonym.
If you choose not to supply us with the personal information we request, we may be unable to provide you with our products or services.
We may collect personal information in the form of Patient Data in the following circumstances:
- where you enter Patient Data into the DermEngine platform;
- where a patient has access to a patient portal and creates a personal profile by entering personal information; or
- if we migrate patient data from other internal or external systems or an Electronic Medical Record with the consent of you or the patient.
Automatically Collected Information
When you use the Service, we may automatically record certain information from your device, some of which may be personal information, by using various types of technology, including cookies, “clear gifs” or “web beacons.” This automatically collected information may include IP address or other device address or ID, web browser and/or device type, the web pages or sites visited just before or just after using the Service, the pages or other content you view or interact with on the Service, and the dates and times of the visit, access, or use of the Service. We also may use these technologies to collect information regarding your interaction with email messages, such as whether you open, click on, or forward a message. You may limit the automatic collection of certain information by our Service, for instance by disabling cookies using your browser options. Please be aware that doing so may prevent you from using specific features on our Service, such as maintaining an online account. We use automatically collected information and other information collected on the Service through cookies and similar technologies to: (i) personalize our Service, such as remembering your information so that you will not have to re-enter it during a visit or on subsequent visits; (ii) provide customized advertisements, content, and information; (iii) monitor and analyze the effectiveness of the Service and third party marketing activities; (iv) monitor aggregate site usage metrics such as total number of visitors and pages viewed; and (v) track your entries, submissions, and status in any promotions or other activities on the Service.
Why we collect, hold, use and disclose Personal Information
In order to provide our products and services and manage our customer relationships, we need to collect Data, including personal information in relation to our DermEngine users. We collect, hold, use and disclose personal information where it is reasonably necessary for us to carry out our business functions and activities, for example, in order to provide you with our products and services.
We also collect, hold, use and disclose personal information for related purposes that you would reasonably expect, including our administrative and accounting functions, providing you with information about other products and services offered by us, marketing and promotions, market research, newsletter communications, statistical collation and website traffic analysis. Where we wish to use or disclose your personal information, or personal information in the form of Patient Data for other purposes, we will obtain your consent.
Personal Information collected about you is only used in order to:
- verify your identity;
- provide and administer you with the products or services you have requested, or respond to your queries;
- send invoices or statements, and collect payments from you;
- notify you about existing or new products, versions, updates, services or promotions we, our related companies, or selected partner companies may offer from time to time; and
- provide our customers and potential customers with an up to date, useful and personalised website and services.
We may also use the personal information we collect in order to communicate with you, including notifying you of the availability of important regular data and program version updates for your recommended download and installation, and notifying you of other product, service and company news which we believe is relevant to you and your user experience. If at any time you no longer wish to be notified about new products, services or promotions, please let us know by contacting our Privacy Officer, whose contact details are set out below.
We may use a third party independent contractor to conduct services which we are unable to, such as internet traffic measurement, website hosting, and patient information materials. Use of such services may involve coding being placed on web pages on the DermEngine/MetaOptima website to enable the collection and analysis of site visitor numbers, length of visit and pages visited. The contractor may collect and collate aggregate and non-personal information which is then provided to us to assist us to provide a product or service you’ve requested, and to provide you with a better user experience.
Sometimes the information we collect from you or in relation to Patient Data may include de-identified demographic information such as age, gender, location, occupation, or interests, which is not personal information. We may use such information for our own internal business purposes or to improve our products and services. We may also disclose such de-identified information to third parties including consultants, suppliers, partners, customers or potential customers.
Disclosure of Personal Information
Your patient’s personal information collected by you
It is important that your patients are aware that we do not disclose their personal information to anyone without consent. They should be aware that you can use DermEngine to store their personal information and disclose it as part of healthcare providers providing them with healthcare. Their personal information might be disclosed by you through your use of the DermEngine service, in accordance with the access controls you have set, or as otherwise required or authorised by law.
Patients’ personal information might also be disclosed by you (healthcare provider/DermEngine user) to:
- the patient himself/herself;
- his/her authorised representative(s);
- his/her nominated representative(s) in accordance with written consent;
- registered healthcare providers and healthcare provider organisations involved in the patient’s healthcare;
- a registered healthcare provider (including individuals and organisations) in an emergency situation;
- registered account operators if you are within health organizations;
- the Australian Commission on Safety and Quality in Health Care, where necessary to ensure the clinical safety of individuals using the DermEngine system;
- MetaOptima authorized employees to assist us in establishing and operating DermEngine. These employees are bound by strict obligations to treat individuals’ personal information with the same level of respect, privacy and security that they are entitled to from MetaOptima.
Patient Data collected by us
Where we collect Patient Data that includes personal information, we may disclose it in the following ways:
- where a patient accesses a patient portal and enters personal information; or
- if we migrate patient data from other internal or external systems or an Electronic Medical Record, we may disclose that information to you as the healthcare provider with the patient’s consent.
Your personal information collected by us
We will disclose personal information we hold when required to do so by law, including in response to a court order or a subpoena. We also may disclose such information in response to a law enforcement agency’s request.
We will not disclose your personal information to partner companies for them to use for other purposes or to market their products or services to you directly, and we will endeavour to ensure that partner companies adhere to the obligations contained within the Privacy Act.
We will not otherwise disclose personal information to third parties without your consent, except to:
- contractors who provide us with services, such as call centre, billing, credit collection, help desk and support services providers;
- government, law enforcement and regulatory bodies where this is necessary for us to comply with our legal obligations; and
- parties to whom we sell all or part of our business.
We do not sell, rent or trade personal information to or with third parties.
Overseas disclosure of Personal Information
All information stored by the DermEngine platform is stored in Australia. We will not disclose or store overseas any Customer Data or Patient Data except that we may disclose Customer Data to our related company in Canada, only for the purposes of providing you with our products or services, or for the maintenance of the DermEngine platform.
If it is necessary for MetaOptima to disclose personal information outside Australia in order to provide you with our products or services, we will request your specific consent and will, before disclosing personal information overseas, take reasonable steps to ensure that the overseas recipient does not breach the Privacy Act.
How is information kept secure?
The protection and security of your personal information is something we take very seriously. We are committed to keeping personal information secure. We take robust precautions to protect personal information from misuse and loss, and from unauthorised access, modification or disclosure. We have a range of practices and policies in place to provide a secure system.
The security and protection measures of DermEngine include:
- not registering an individual if we are satisfied the individual may compromise the security or integrity of DermEngine;
- monitoring access to DermEngine accounts to quickly detect suspicious or inappropriate behaviour;
- requiring users to comply with a number of security obligations in the Privacy Act;
- a multi-layered ICT system of firewalls, gateways and portals to ensure only authorised users can access DermEngine;
- personal information transmitted or stored by or on behalf of us will be encrypted in accordance with the Australian Government Information Security Manual;
- a graduated range of enforcement options where privacy or security are breached. For serious breaches, these options include the ability to seek civil and criminal penalties for unauthorised collection, use or disclosure of health information in DermEngine;
- maintaining an Access History for DermEngine Accounts, which you can access;
- a mandatory data breach reporting procedure;
- rigorous, on-going security testing, including penetration testing;
- a framework which details how any person who wishes to access DermEngine is appropriately identified and authenticated;
- developing and delivering education and awareness programs which highlight the need for individuals to protect themselves against security threats, hoaxes and scamming activities;
- educating employees and contractors of their obligations when handling personal information; and
- requiring employees and contractors to individually authenticate themselves when accessing DermEngine.
How we hold and store Personal Information
We take reasonable steps to ensure the personal information held by us is secured from such risks as loss or unauthorised access, destruction, use, modification or disclosure.
We keep your information, Customer Data and Patient Data in a secure cloud server in Australia.
Our systems are password protected and comply with our security standards. We only permit personal information to be accessed by authorised personnel, and our employees are required to comply with our privacy policies and respect the confidentiality of any personal information held by us. In this instance, any agent or contractor who has access to personal information we hold is required to protect this information in a manner that is consistent with our policy by, for example, not using the information for any purpose other than to carry out the service they are performing for us. We endeavour to develop and implement appropriate measures to safeguard the personal information we hold against unauthorised use or disclosure.
Access and correction of Personal Information
We take reasonable steps to make sure that the personal information we collect, use and disclose is accurate, complete and up-to-date.
You may in some instances be able to access the information we hold about you. If you would like to access your personal information, please contact our Privacy Officer, who will explain how we will handle your access request. In some circumstances, we may not permit access to your personal information, or may refuse to correct your personal information, in which case we will provide you with reasons for this decision.
We will assume (unless you tell us otherwise) that your request for access relates to our current records about you and your patients. These current records include personal information about you which is included in our databases, and which may be used by us on a daily basis.
If you believe that personal information about you is not accurate, complete or up to date, please provide your request for correction. We will consider any requests for correction in a timely way.
Your patients also have the right to request access to personal information that we hold about them. You can give them access to their personal information in the settings control page of their profile. If you don’t know how to do that, contact us.
They can also request us through an online form to access, delete and correct their personal information.
Correcting patient information in uploaded documents
If your patients consider that the health or other personal information we hold about them is not accurate, complete or up-to-date, or if their information has changed, they should first contact you, as their healthcare provider, who authored the information to correct it.
If a healthcare provider refuses to correct the information, you may complain to us, or the Office of the Australian Information Commissioner.
Time of retention
If you cancel registration with the DermEngine system or in case of death, the following will occur:
- all documents will be kept in the system for the period recommended by law;
- you or your representative will only be able to access your account by making a request to us;
- other healthcare providers will only be able to access your customer account where required or authorised by law;
- other healthcare providers will not be able to upload documents to your customer account;
- your customer account may still be accessed by us for the purposes of maintenance, audit and other purposes required or authorised by law;
- all other documents that are held by registered repository operators will be subject to local state or territory retention requirements.
If you cancel your customer account, but later re-register for an account:
- your reactivated customer account may include personal information which was included in your account prior to it being cancelled.
Destruction and De-identification
MetaOptima retains personal information only whilst it is required for our business functions, or for any other lawful purpose. We use secure methods to destroy or to permanently de-identify personal information when it is no longer required or if we determine that the personal information received is required to be destroyed or permanently de-identified in accordance with the Privacy Act.
Complaints and Concerns
If you have any questions or comments about this Privacy Statement, or if you wish to complain about how we have handled personal information about you, please contact our Privacy Officer as follows:
Tel: +1 778.328.1949
We will respond to let you know who will be handling your matter and when you can expect a further response. We may request additional details from you regarding your concern, and we may need to engage or consult with other parties to investigate and deal with your issue. We will keep records of your request and any resolution.
If you are still not satisfied, you can contact the Office of the Australian Information Commissioner (http://www.oaic.gov.au), or telephone 1300 363 992.
This Privacy Statement may change from time to time and you should check regularly for updates. This policy was last updated on 18 April 2019.